[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

snooky · le 10 mai 2005

kaspersky_overlord_software%20(Custom).png

Vise ma signature... Kaspersky 5 personnal.

kato74 · le 11 mai 2005

salut et merci d'avance pour l'aide

Logfile of HijackThis v1.99.1

Scan saved at 17:43:18, on 11/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\tcpcheck.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\udpcheck.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\messenger plus3\MsgPlus.exe

C:\WINDOWS\system32\PCsync.exe

C:\WINDOWS\system32\cthelper.exe

C:\WINDOWS\system32\hotkeysvc.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

C:\Program Files\eMules\emule.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\recycler\rlss.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime2\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\messenger plus3\MsgPlus.exe"

O4 - HKLM\..\Run: [CTHelper] cthelper.exe

O4 - HKLM\..\Run: [PcSync] PCsync.exe

O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe

O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe

O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe

O4 - HKLM\..\RunServices: [PcSync] PCsync.exe

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\messenger plus3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [PcSync] PCsync.exe

O4 - HKCU\..\Run: [CTHelper] cthelper.exe

O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe

O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe

O4 - HKCU\..\RunServices: [PcSync] PCsync.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

O4 - Global Startup: Vodafone Remote Access.lnk = ?

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200401...meInstaller.exe

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.0_03) -

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{77729423-563E-40A7-B47D-669FDCCF7A41}: NameServer = 80.10.246.2,80.10.126.129

O17 - HKLM\System\CCS\Services\Tcpip\..\{7882B6C5-22A7-45C0-AB75-59C2E7A89AD5}: NameServer = 80.10.246.2,80.10.126.129

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Brought to you by the Bandwidth Bandits - C:\WINDOWS\SYSTEM32\tcpcheck.exe

O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

snooky · le 11 mai 2005

@kato74 :

Ces 2 fichiers ne doivent plus apparaitrent sur ton pc :

C:\WINDOWS\system32\cthelper.exe

C:\WINDOWS\system32\hotkeysvc.exe

Termine ces processus si présents dans le gestionnaire de tâches.

Désactive la restauration system.

Ferme toutes les fenêtres IE6.

Passe ccleaner.

Fixer Objet avec Hijackthis sur ces lignes :

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime2\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CTHelper] cthelper.exe

O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe

O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe

O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe

O4 - HKCU\..\Run: [CTHelper] cthelper.exe

O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe

O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Reboot.

Fait un scan en ligne ici :

Trojanscan

Poste un nouveau rapport pour vérification.

C:\Program Files\Kerio\WinRoute Firewall\winroute.exe est encore présent sur ton pc ?

Si non , installe Kerio 2.1.5 français et gratuit.

http://snooky730.free.fr/kerio-pf-2.1.5-en-win.exe

http://snooky730.free.fr/kpf_fr.exe

kato74 · le 11 mai 2005

Comment desactive t'on la restauration system?

snooky · le 11 mai 2005

Enfonce les touches windows + Pause , va à l'onglet Restauration.

...ou Clic droit sur Poste de Travail / Propriétés.

Merenwen · le 11 mai 2005

Bon j'ai enfin fait ce petit rapport. J'attends votre ordonnance docteurs Merci !

Logfile of HijackThis v1.99.1

Scan saved at 14:17:34, on 11/05/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\PROGRA~1\Serv-U\ServUDaemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\TheTurtle\TheTurtle.exe

C:\PROGRA~1\Serv-U\SERVUT~1.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

D:\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\explorer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

c:\progra~1\winamp\winamp.exe

D:\Samurize\Client.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE

C:\Program Files\eMule\emule.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\OpenOffice.org 1.9.100\program\soffice.exe

C:\Program Files\OpenOffice.org 1.9.100\program\soffice.BIN

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe

O4 - HKLM\..\Run: [soundFusion] RunDll32 hercplgs.cpl,BootEntryPoint

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe

O4 - HKCU\..\Run: [servUTrayIcon] C:\PROGRA~1\Serv-U\SERVUT~1.EXE

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: Client Default.lnk = D:\Samurize\Client.exe

O4 - Startup: OpenOffice.org 1.9.100.lnk = C:\Program Files\OpenOffice.org 1.9.100\program\quickstart.exe

O4 - Startup: Stardock ObjectDock.lnk = D:\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107824484612

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - AppInit_DLLs: MsgPlusLoader.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\ServUDaemon.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

kato74 · le 11 mai 2005

voila j'ai tous fait comme tu m'as dit et encore merci pour l'aide

Logfile of HijackThis v1.99.1

Scan saved at 19:06:22, on 11/05/2005